Password-authenticated Key Exchange protocols distinguishing feature is the client will authenticate to the server using a password.

Password-authenticated Key Exchange is where two or more parties, based only on their knowledge of a password, establish a Cryptographic Key using an exchange of messages, such that an unauthorized party (one who controls the communication channel but does not possess the password) cannot participate in the method and is constrained as much as possible from brute force guessing the password. (The optimal case yields exactly one guess per run exchange.)

Two forms of Password-authenticated Key Exchange are Balanced and Augmented methods.